iPhone

iPad

iOS

Jailbreak

Cydia

iOS' security has come come a long way since the original iPhone. Its security has come so far, in fact, that the encryption is a nightmare for law enforcement trying to view information from devices seized from criminals for evidence. Apple uses an encryption method known as AES (Advanced Encryption Standard), which is a tough nut to crack. However, it's not just the encryption itself that makes iOS so hard to break into.

Originally Posted by Ovie Carroll

I can tell you from the Department of Justice perspective, if that drive is encrypted, you're done," Ovie Carroll, director of the cyber-crime lab at the Computer Crime and Intellectual Property Section in the Department of Justice, said during his keynote address at the DFRWS computer forensics conference in Washington, D.C., last Monday. "When conducting criminal investigations, if you pull the power on a drive that is whole-disk encrypted you have lost any chance of recovering that data.

A copy of the AES key is hidden deep within the memory of Apple’s device, but as Gizmodo reports, it can only be taken advantage of if the person handling the device knows the passcode to the device. Even then, any information obtained from the iOS device remains encrypted. One major problem for law enforcement is that iOS has a memory wipe feature that can erase the device’s memory when the passcode is guessed wrong ten times in a row, effectively erasing the desired information and resetting the randomized AES key:

Most criminals aren't going to be dumb enough to not have a passcode since it keeps most people away from their sensitive information, however devices without passcodes take less effort to crack, since that is one less layer of security that needs to be penetrated. Unfortunately, even for a security expert, getting through the encryption is still a challenge when no passcode is present.

For criminals, the fact that iOS encryption is so secure makes the devices a great way to hide information from unwanted eyes, like law enforcement. Apple has always put heavy emphasis on user security from the part of their Web site that showcases their mobile operating system. As it appears, the gloating is certainly justified.

While the NSA might not be able to crack your iPhone’s security in a realistic amount of time right now, that’s not to say that they won’t be able to with future technology. Enjoy your high amount of security while it lasts.

This article is full of fail. Elcomsoft already makes a cracker that takes an image of the phone so that it can fail as many times as it wants getting the passcode, that's why it smart to not use the default 4 digit one

Also if the phone was backed to iCloud they can get all the data unencrypted, hell they could use the phonepw reset trick lol

This article is full of fail. Elcomsoft already makes a cracker that takes an image of the phone so that it can fail as many times as it wants getting the passcode, that's why it smart to not use the default 4 digit one

Also if the phone was backed to iCloud they can get all the data unencrypted, hell they could use the phonepw reset trick lol

The passcode can slow a hacker's move toward unencrypting a file. If you have the auto-wipe on, ten passcode failures will erase everything for good.

And they need seperate warrant to have you give them passwords if needed. Was reading an article the other day about that and the FBI took guys computers but asked him for the passwords and that if he didn't give them they would have to obtain a sperate warrant.

So they could wave a warrant in your face to make you give up the pass code? I can't see that working very well to anyone with an IQ over 80. If there is something in the iPhone that is incriminating, why would you tell them? They can't make you give it up.

This article is full of fail. Elcomsoft already makes a cracker that takes an image of the phone so that it can fail as many times as it wants getting the passcode, that's why it smart to not use the default 4 digit one

Also if the phone was backed to iCloud they can get all the data unencrypted, hell they could use the phonepw reset trick lol

Doesn't that method rely on the LimeRain exploit or something? As in a 4S would not be susceptible? I thought I read that somewhere, but cannot seem to find the source.

…devices seized from criminals…For criminals, the fact that iOS encryption is so secure makes the devices a great way to hide information from unwanted eyes, like law enforcement.

Oh. Many thanks to the author for showing me that all people whose devices have been taken by LEO are criminals...I'm going to write my representatives and have them do away with that pesky 3rd branch of government, the Judicial, since the police are 100% accurate. I'll also write Tim Cook and ask him to do away with encryption since only criminals want to keep things secret, and hey, I'm no criminal!!

So they could wave a warrant in your face to make you give up the pass code? I can't see that working very well to anyone with an IQ over 80. If there is something in the iPhone that is incriminating, why would you tell them? They can't make you give it up.

There was a case recently where the lady would not give them the password because she says she forgot it. They kept her locked up and I can't remember what they told her would happen if she did not come up with the password within 30 days (update: she could be held in contempt and jailed until she complies). Gonna have to try and remember the case to see if I can find it. Know wired did the article on it that I read.

The passcode can slow a hacker's move toward unencrypting a file. If you have the auto-wipe on, ten passcode failures will erase everything for good.

I don't think his statement makes this article a fail but I don't think you understood what he said..

He's saying they created a way to bypass the auto wipe and try as many pass codes as they want. This means they can just run a program that tries all of the possible combinations (may sound lousy but with a 4 pin security they can finish that in about an hour)

I don't understand why you guys failed to mention they could wipe it from a computer..

Also with iCloud And all I feel like apple could help them obtain the info they need without having to crack a pin...

Concerning the picture haha I used to have an android lock xt and an iOS passcode lock on my phone for kicks. I even considered adding a face recognition too. Also I had igotya hahhaa love that app

This article is full of fail. Elcomsoft already makes a cracker that takes an image of the phone so that it can fail as many times as it wants getting the passcode, that's why it smart to not use the default 4 digit one

Also if the phone was backed to iCloud they can get all the data unencrypted, hell they could use the phonepw reset trick lol

Elcomsoft website states: "(****) iPhone 4S, iPad 2 and the new iPad support is limited to jailbroken devices only."

So, obviously, iPhone security and hardiness is getting better and better. However, a big vulnerability is the computer which iPhone is syncing with. The "escrow file" can help them break into your iPhone, bypassing the need for the password.

This article is full of fail. Elcomsoft already makes a cracker that takes an image of the phone so that it can fail as many times as it wants getting the passcode, that's why it smart to not use the default 4 digit one

Also if the phone was backed to iCloud they can get all the data unencrypted, hell they could use the phonepw reset trick lol

Your post goes to show how little you might know about law and law enforcement.

This is why Apple iOS is the most secure platform to be in. Gives you a lot of piece of mind considering the amount of data we store in our smartphones these days. Then again, if they get into your cloud....

this article is nonsense, if law enforcement wants to get into your phone they have someone who knows how to install SSH and SSL, use itunnel_mux to create a virtual "router" usb tunnel and SSH into the phone with full access. Delete the keychain/keybag files and reboot. Passcode removed! all data intact!